Date:      Sat, 21 Dec 2002 17:51:55 +0100
From:      "Daniel Benito [ATRIL]" <dbenito@atril.com>
To:        <freebsd-questions@FreeBSD.ORG>
Subject:   Newbie routing question
Message-ID:  <005701c2a911$455b1350$0e00a8c0@atril.com>

This is probably pretty easy, but I'm a complete newbie regarding network
configuration, so please bear with me :-)

I've just had a nice LMDS (radio) connection installed, and my provider has
assigned me 16 IP addresses (A.B.C.0/28). After weighing different options
(and consulting a few friends), I decided to install a FreeBSD firewall
using IPFilter; since I have more internal interfaces than public IPs, I'm
also using IPNat.

At first, I configured NAT to map all private IP addresses to the firewall's
external interface's IP address (A.B.C.2), and everything worked as
expected. However, I want certain internal machines to have their own
external IP address, so I added some extra bimap entries to my
/etc/ipnat.rules to make this work. Now, NAT works fine, but my firewall
refuses to route packets from these specific IP addresses out into the real
world.

Clearly, having gateway_enabled="YES" in /etc/rc.conf isn't enough, so I
thought I could use a routing daemon. I configured routed (using "-s" as
recommended by sysinstall). Running netstat -rn reveals that the entire
A.B.C.0/28 subnet is routed to the router provided by my ISP (A.B.C.1):

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            A.B.C.1            UGSc        2        0    if0
A.B.C/28           link#1             UC          2        0    if0
A.B.C.1            00:07:e3:50:e4:38  UHLW        1        0    if0   1234
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.0          link#2             UC          3        0    if1
192.168.0.13       00:cd:ef:01:23:45  UHLW        0        0    if1   1234
192.168.0.14       00:ef:01:23:45:67  UHLW        0        0    if1   1234

I figured there was no need to add any static routes, but it still doesn't
work.

I looked around the web, and I found a page that recommended that I add
all of the public IPs as aliases on the external interface. It specifically
gave two options:

1. Use: ifconfig if0 inet A.B.C.x netmask p.q.r.s alias
        route add -host A.B.C.x 127.0.0.1 0

2. Use: ifconfig if0 inet A.B.C.x netmask 255.255.255.255 alias

If I use option 1, I run into problems because I can't add more than one IP
with the same broadcast address (and I don't know what broadcast address I
should use for the other IPs, other than the same one I'm using for the real
IP of the interface). Option 2 works fine, but I don't quite understand why
it works and why I should have to use it. After adding the aliased IP that I
need, the output of netstat -rn looks like this:

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            A.B.C.1            UGSc        2        0    if0
A.B.C/28           link#1             UC          2        0    if0
A.B.C.1            00:07:e3:50:e4:38  UHLW        1        0    if0   1234
A.B.C.13/32        link#1             UC          0        0    if0
A.B.C.14/32        link#1             UC          0        0    if0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.0          link#2             UC          3        0    if1
192.168.0.13       00:b0:7d:9f:ba:40  UHLW        0        0    if1   1234
192.168.0.14       00:b0:7d:a0:9a:02  UHLW        0        0    if1   1234

So, what I don't understand is why it didn't work when it only had
A.B.C/28 -> link#1, but it works now that it explicitly has routes for
A.B.C.13 and A.B.C.14. Can anyone explain this?

MTIA,

Daniel

PS. Just in case anyone is interested, this is my current ifconfig:

if0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 inet A.B.C.2 netmask 0xfffffff0 broadcast A.B.C.15
 inet A.B.C.14 netmask 0xffffffff broadcast A.B.C.14
 inet A.B.C.13 netmask 0xffffffff broadcast A.B.C.13
 ether 00:b0:7d:de:52:a4
 media: Ethernet autoselect (10baseT/UTP)
 status: active
if1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
 ether 00:b0:7d:de:52:b2
 media: Ethernet autoselect (100baseTX)
 status: active
lo0: flags=A49<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
 inet 127.0.0.1 netmask 0xff000000
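As an added illustration (not part of Daniel's message), the Python below parses netstat -rn style tables like the two above and does a longest-prefix lookup over them, using the constructed documentation range 203.0.113.0/28 in place of A.B.C.0/28. It shows which entry each table selects for the aliased hosts: before the aliases a packet for .13 matches only the /28 link route, afterwards the /32 entry wins; it does not by itself explain why the kernel forwards in one case and not the other.

```python
"""Longest-prefix route lookup over BSD netstat -rn output (added example)."""
import ipaddress

# Constructed sample tables: A.B.C.0/28 from the post replaced by 203.0.113.0/28.
BEFORE = """\
default            203.0.113.1        UGSc        2        0    if0
203.0.113/28       link#1             UC          2        0    if0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.0          link#2             UC          3        0    if1
"""
AFTER = BEFORE + """\
203.0.113.13/32    link#1             UC          0        0    if0
203.0.113.14/32    link#1             UC          0        0    if0
"""

def parse_destination(dest):
    """Turn a netstat destination column into an ip_network.

    Assumed BSD conventions: trailing zero octets are dropped ("192.168.0"
    is 192.168.0.0/24), an explicit prefix may follow ("203.0.113/28"),
    a bare 4-octet address is a host route, and "default" is 0.0.0.0/0.
    """
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if plen == "":
        plen = str(8 * len(octets)) if len(octets) < 4 else "32"
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(octets)}/{plen}", strict=False)

def parse_table(text):
    """Return (network, gateway, netif) triples; header and short lines skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Destination":
            continue
        routes.append((parse_destination(fields[0]), fields[1], fields[5]))
    return routes

def lookup(routes, host):
    """Longest-prefix match for host; returns (network, gateway, netif) or None."""
    ip = ipaddress.ip_address(host)
    best = None
    for net, gw, ifname in routes:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, ifname)
    return best
```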
